update: readme

Mokhlesur Mahin · Mokhlesur Mahin · commit 0df59fcb64d0 · 2024-08-13T22:08:26.000+06:00
diff --git a/README.md b/README.md
@@ -1 +1,64 @@
-# github-action-by-permission
+# RBAC in Github Action
+
+## Why? 
+RBAC (Role-Based Access Control) in GitHub Actions provides a mechanism to control who can trigger specific workflows. By using a `permissions.yml` file, you can define the GitHub usernames that are authorized to manually trigger particular pipelines. This setup ensures that only users with explicit permission can execute these workflows, offering enhanced security and strict access control within your CI/CD processes. This approach is ideal for organizations that require granular control over workflow initiation, limiting access to those who are authorized to perform critical actions.
+
+## Status
+Development of this action is still ongoing, with plans to introduce more features in the future, offering even greater flexibility and control over workflow permissions.
+
+
+## Usage
+The `github-action-by-permission` action is designed to enforce Role-Based Access Control (RBAC) for manually triggered (`workflow_dispatch`) GitHub workflows. Here's a simple example of how to use this action to control who can trigger a specific workflow:
+
+```yml
+name: Test Action Trigger Permissions
+
+on:
+  workflow_dispatch:
+
+jobs:
+  example-job:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Check Permissions
+        uses: mokhlesurr031/github-action-by-permission@v1.0
+        with:
+          permissions-file: 'user-permissions.yml' //specify your yml file with correct path here
+
+      - name: Echo Something
+        run: echo "Hello World!"
+```
+
+### Explanation
+**Checkout Code**: The first step checks out the repository code using the standard actions/checkout@v3 action.
+
+**Check Permissions**: The `github-action-by-permission` action is then used to verify if the user who initiated the workflow has permission to do so. It references a yml file (in this case, named user-permissions.yml) where allowed users are defined.
+
+**Echo Something**: If the permission check passes, the workflow proceeds to execute subsequent steps, such as echoing "Hello World!" in this example. You can specify your workflows as needed.
+
+### Key Points
+**permissions-file**: This input points to the YAML file that contains the list of users authorized to trigger the workflow. Only those listed in this file will be able to execute the pipeline. 
+
+`Note`: *In general, this `permissions.yaml` file is kept in the root directory of the project*.
+The structure of this file is as below:
+
+```yml
+allowed_users:
+- user1
+- user2
+- user3
+```
+
+**Security and Control**: By integrating this action into your workflows, you can ensure that only authorized individuals have the ability to initiate critical processes, adding a layer of security and control to your CI/CD pipelines.
+
+
+This example demonstrates how to set up and use the `github-action-by-permission` action to manage access to your GitHub Actions workflows.
+
+
+## Github Repository
+You can visit this repo for the latest release => [Click Here](https://github.com/mokhlesurr031/github-action-by-permission)
+
+And this repo contains the test of this action => [Click Here](https://github.com/mokhlesurr031/test-github-action-by-permission)
